Suprise? Rather not. What's more, the thing is rather not
regulated in most countries, there's also nothing about that when
you subscribe for your Net access. It seems logical. Website-based
tools do not give very acurate results, because you can deal with
them using Adblock and such things. The request that come from your
machine... That's another source for analysis and a very good
one.

Then we come to EU data retention, which does look like a
distant subject, but it is not. What is the data to be stored under
the retention law? The same thing that I think is sold (probably in
slightly more aggregated form). That rises an concern about the use
of the stored data. Having it on the disks will make it much easier
to sell in huge volumes and also run certain data mining techniques
and then sell the results. With or without notifying the users.
Legally or not. With such amount of data (in Poland the project has
5 years of mandatory data storage, when EU max is 2 years) it's
easy to imagine that the data will leak. What we currently have may
be just a start of that.

Should the users be notified that their habbits, even websites
they visit are (or will be) monitored? I think they should. Clearly
notified.

The defence is encryption. Unfortunately not so many sites
support it (banks and financial institutions are exceptions here).
Also, there are sites where passwords fly unencrypted, sometimes
even clearly in the URL line. Trying not to use sites without even
basic security is quite hard. Every unencrypted action (most of web
browsing, many IM messages, emails etc) just travel the Net in
plaintext. Are you aware of that?